• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

New IPs for sync interface

Scheduled Pinned Locked Moved HA/CARP/VIPs
5 Posts 2 Posters 1.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jeffsmith82
    last edited by Jul 10, 2017, 10:44 AM

    I need to change the IP addresses i have assigned to the sync interface between two HA setup boxes. What is the correct way to do this without downtime ?

    I'm assuming

    Disable System / High Availability Sync on master.
    change network on both machines
    change config on master to point to new slave ip address.
    enable the sync again.

    I have read that carp uses the interfaces it's running on to communicate so this should mean I don't end up with both machines claiming they own the CARP address right ?

    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Jul 10, 2017, 7:32 PM

      The method you describe should be OK. You don't even need to disable sync if you are OK with clearing the GUI errors after, if you have any.

      I'd do it this way:

      • Change SYNC interface address on the secondary
      • Change pfsync address on the secondary's HA Settings
      • Change SYNC interface address on the primary
      • Change XMLRPC and pfsync address on the primary's HA settings
      • If you have any sync failure errors on the primary, clear them and force a new sync to be sure it's working properly.

      None of that should have any effect on your CARP traffic, which would be on all your other interfaces and not the sync interface.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • J
        jeffsmith82
        last edited by Jul 11, 2017, 8:55 AM

        Will do you list instead :-)

        Was also going to upgrade these boxes from 2.1.2 to the latest version but i'm a bit confused about it. I was used to doing

        • remove all packages
        • updating the slave first
        • disable carp on master
        • leave slave to run for a while to make sure its working
        • Update master

        But reading an older copy of the pfsense book its saying that updating the master can be preferred as it will sync changes to the slave and you don't want old config being replicated to new versions. What is the correct steps for this ?

        1 Reply Last reply Reply Quote 0
        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Jul 11, 2017, 11:09 AM

          The correct steps today do not apply to a version that old. You will want to upgrade the primary first to avoid sync breaking the config on the secondary.

          Once you are on a current version, then there are much better update procedures for modern versions.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • J
            jeffsmith82
            last edited by Jul 11, 2017, 11:54 AM

            Found the relevant docs for this https://doc.pfsense.org/index.php/Redundant_Firewalls_Upgrade_Guide and it does indeed say for anything before 2.2.5 upgrade the master first.

            thanks for the help

            1 Reply Last reply Reply Quote 0
            5 out of 5
            • First post
              5/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received